CN1943203B - Method for verifying a first identity and a second identity of an entity - Google Patents

Info

Publication number: CN1943203B
Authority: CN (China)
Prior art keywords: application function, network application, entity, identifier, identity
Legal status: Expired - Lifetime
Application number: CN200580011278.8A
Other languages: Chinese (zh)
Other versions: CN1943203A
Inventor: 珀克卡·莱蒂南
Current Assignee: Nokia Technologies Oy
Original Assignee: Nokia Inc

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3273 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A method for verifying a first identity and a second identity of an entity, the method comprising: receiving first identity information at a checking entity; sending second identity information from the entity to the checking entity; verifying that the first identity and the second identity both belong to the entity; and generating a key using one of the first identity information and the second identity information.

Description

Method for verifying a first identity and a second identity of an entity

Technical field

The present invention relates to verifying the identity of a network entity.

Background

The current development towards truly mobile computing and networking has brought about the evolution of various access technologies, which also provide users with access to the Internet when they are outside their own home network. The first public communication network to provide truly ubiquitous World Wide Web (WWW) access was the GSM-based mobile telephone network.

To date, use of the Internet has been dominated by person-to-machine communication, that is, information services. The evolution towards so-called third generation (3G) wireless networks brings with it mobile multimedia communication, which will also change the way IP-based services are used in public mobile networks. The IP Multimedia Subsystem (IMS), as specified by the 3rd Generation Partnership Project (3GPP), integrates mobile voice communication with Internet technologies, allowing IP-based multimedia services to be used in mobile networks.

The inventors have identified an important problem with mobile multimedia communication in third generation wireless networks, namely that of identity coherence checking in the so-called third generation Generic Authentication Architecture (GAA). This is described, for example, in technical specification TS 33.220v6.

New multimedia-capable mobile terminals (multimedia phones) provide an open development platform for application developers, allowing independent application developers to design new services and applications for the multimedia environment. Users can in turn download the new applications and services to their mobile terminals and use them there.

GAA is to be used as a security procedure for a number of future applications and services. However, the inventors have identified a flaw in GAA.

In particular, GAA needs the bootstrapping server function (BSF) to be able to verify the binding between the public identifier of a network application function (NAF) and the GAA-internal identifier of the NAF. The public identifier of the NAF is the public hostname of the NAF that the user equipment (UE) uses in the Ua interface. The internal NAF identifier is the network address used in the corresponding DIAMETER messages in the Zn interface. The public NAF identifier is needed in the BSF because the BSF uses it during the derivation of the NAF-specific key (Ks_NAF).

This problem is more pronounced if the NAF does virtual name-based hosting, that is, has multiple hostnames mapped onto a single IP (Internet Protocol) address. There may therefore be a one-to-many mapping between the internal NAF address and the public NAF addresses. A domain name server cannot verify whether a certain NAF, identified by a certain internal NAF address in the bootstrapping server function, is authorized to use a certain public NAF address.

Embodiments of the present invention seek to address the above problems.

Summary of the invention

According to an embodiment of the present invention, there is provided a method for verifying a first identity and a second identity of a network application function entity, the method comprising: receiving, at a checking entity, first network application function identity information of the network application function entity; receiving, at the checking entity, second network application function identity information of the network application function entity from the network application function entity; verifying the mapping between the first network application function identity and the second network application function identity, to verify whether the first network application function identity and the second network application function identity both belong to the network application function entity; and, in response to successful verification, generating a key using one of the first network application function identity information and the second network application function identity information.

According to another embodiment of the present invention, there is provided a system for verifying a first identity and a second identity of a network application function entity, comprising: means for receiving, at a checking entity, a first network application function identity of the network application function entity; means for sending a second network application function identity of the network application function entity from the network application function entity to the checking entity; means for verifying the mapping between the first network application function identity and the second network application function identity, to verify whether the first network application function identity and the second network application function identity both belong to the network application function entity; and means for generating a key from one of the first network application function identity and the second network application function identity in response to successful verification.

According to another embodiment of the present invention, there is provided a device for verifying a first identity and a second identity of a network application function entity, comprising: means for receiving, at a checking entity, first network application function identity information of the network application function entity; means for receiving, at the checking entity, second network application function identity information of the network application function entity from the network application function entity; means for verifying the mapping between the first network application function identity and the second network application function identity, to verify whether the first network application function identity and the second network application function identity both belong to the network application function entity; and means for generating a key using one of the first network application function identity information and the second network application function identity information in response to successful verification.

According to an embodiment of the present invention, there is provided a device for a network application function entity, the network application function entity having a first network application function identity and a second network application function identity, the device comprising: means for sending the second network application function identity to a checking entity; and means for receiving a key from the checking entity, wherein the key is generated from the second network application function identity in response to verifying, by verifying the mapping between the first network application function identity and the second network application function identity, that the first network application function identity and the second network application function identity both belong to the network application function entity.

Brief description of the drawings

For a better understanding of the present invention and of how it may be put into practice, reference will now be made, by way of example, to the accompanying drawings, in which:

Figure 1 shows an overview of the GAA application;

Figure 2 shows a first signal flow in one embodiment of the invention; and

Figure 3 shows a second signal flow in another embodiment of the invention.

Detailed description

Reference is now made to Figure 1, which shows a GAA architecture in which embodiments of the present invention may be incorporated.

User equipment UE 20 is provided. The user equipment can take any suitable form and may, for example, be a mobile telephone, a personal organizer, a computer or any other suitable device. The user equipment 20 is arranged to communicate with a bootstrapping server function BSF 28 via the Ub interface. The user equipment 20 is also arranged to communicate with a network application function NAF 29 via the Ua interface.

The network application function 29 can be divided into an authorization proxy function 25 and an application-specific server 26. The network application function 29 is connected to the bootstrapping server function 28 via the Zn interface.

The bootstrapping server function 28 is connected to the home subscriber system HSS 27 via the Zh interface. The bootstrapping server function and the user equipment are arranged to authenticate each other using AKA (Authentication and Key Agreement) and to agree on session keys that are afterwards applied between the user equipment and the network application function. Once the bootstrapping procedure has been completed, the user equipment and the NAF can run some application-specific protocol in which the authentication of messages is based on the session keys generated during the mutual authentication between the user equipment and the bootstrapping server function over the Ub interface. Generally, there is no previous security association between the user equipment and the NAF. The NAF shall be able to locate the subscriber's bootstrapping server function and communicate with it securely. The NAF shall be able to acquire the shared key material established between the user equipment and the BSF during the bootstrapping procedure over the Ub interface, or NAF-specific key material derived from this shared key material. The NAF is arranged to check the lifetime of the shared key material.

In addition to its normal functions, the HSS stores, in the subscriber profile, parameters relating to the bootstrapping server function. Optionally, parameters relating to the use of some NAFs are stored in the HSS.

The interfaces will now be described in more detail. The Ua interface carries the application protocol, which is secured using the key material, or derived key material, agreed between the user equipment and the BSF as a result of running HTTP Digest AKA over the Ub interface.

The Ub interface provides mutual authentication between the user equipment and the bootstrapping server function. It allows the user equipment to bootstrap session keys based on the 3GPP AKA infrastructure.

The Zh interface protocol used between the BSF and the HSS allows the BSF to fetch the required authentication information and subscriber profile information from the HSS. The interface to the 3G authentication centre is internal to the HSS.

The Zn interface is used by the NAF to fetch from the BSF the key material, or derived key material, agreed during a previous HTTP Digest AKA protocol run over the Ub interface. It can also be used to fetch NAF-specific subscriber profile information from the BSF.

In summary, in embodiments of the present invention the NAF 29 sends the public identifier of the NAF to the bootstrapping server function 28. The bootstrapping server function verifies the binding between the public NAF identifier and the internal NAF identifier. The public NAF identifier is used by the BSF to derive the NAF-specific key (Ks_NAF) from the master key material (Ks) established during the bootstrapping procedure in the Ub interface. Embodiments of the invention are applicable in particular where the network element hosting the NAF has one or more network interfaces for serving incoming connections from user equipment. This is the public (or external) network interface, reached via the Ua interface. One network interface is used for connecting to operator services such as the BSF; this is the internal network interface, via the Zn interface between the NAF 29 and the BSF 28.

The address of the internal network interface in the Zn interface is added by the NAF to the DIAMETER message, for example in the "Origin Host" field. Embodiments of the invention convey the external network interface address of the NAF, that is, the public address, from the NAF to the BSF. This can be done by using an AVP (attribute-value pair) to carry the information from the NAF 29 to the BSF. As mentioned above, the external or public address is used by the BSF because the BSF derives the NAF-specific key (Ks_NAF) from the fully qualified domain name (FQDN) of the NAF that the user equipment uses, that is, the public address of the NAF. The BSF checks that the NAF identified by the internal address used in the Zn interface (NAF_id_Zn) is authorized to use the external address used in the Ua interface (NAF_id_Ua).

In embodiments of the invention, the NAF sends NAF_Id_Ua in the first message and receives a confirmation (or error) message in response. The UID may or may not be transferred at the same time. The corresponding response may therefore relate only to the mapping of the public and internal NAF identifiers. In embodiments of the invention, the public NAF identifier and the internal NAF identifier are sent to the BSF, the BSF checks the mapping between them, and the BSF derives the NAF-specific key using the public NAF identifier.

Reference is now made to Figure 2, which shows a first signal flow in one embodiment of the invention. Figure 2 shows the details of the messaging between the NAF 29 and the BSF 28 via the Zn interface. Before the Zn interface messaging takes place, the user equipment has requested a service from the NAF over the Ua interface. With this request the user equipment has given the TID (transaction identifier) and possibly also the user identifier UID. The user identifier may be conveyed from the user equipment to the NAF in a later message. Figure 2 describes the case in which the TID and the UID are sent from the user equipment to the NAF in the same message.

In step 1a, the NAF 29 sends the TID, NAF_id_UA and the UID to the BSF 28. The BSF verifies the TID-to-UID mapping and the NAF_id_Zn-to-NAF_id_Ua mapping. NAF_id_Ua can be obtained, for example, from the Origin Host AVP. In other words, the BSF checks that the NAF identified by the internal address is authorized to use the external address. If these verifications succeed, the BSF derives Ks_NAF using NAF_id_UA.

In step 2a, the BSF sends Ks_NAF and the NAF-specific user security settings ("USS") to the NAF 29. In some embodiments of the invention the NAF may have no USS, so the USS AVP is optional. After receiving Ks_NAF, the NAF can complete the authentication procedure and assume that the UID is correct. If the TID is not found and the TID-to-UID or NAF_id_UA verification fails, the BSF shall return an error message to the NAF.

Where the NAF is authorized to verify multiple TID-to-UID mappings, it may send an additional request containing the TID and another UID to the BSF in step 3a. Upon receiving the TID and the UID, the BSF 28 shall verify the TID-to-UID mapping and return the result to the NAF 29. This takes place in step 4a. The BSF shall perform this operation only when the NAF is authorized to verify multiple TID-to-UID mappings. In this case the NAF may repeat steps 3a and 4a several times.

Reference is now made to Figure 3, which shows the case in which the TID and the UID are received in different messages. For example, the TID is sent to the NAF for the UID.

In step 1b, the NAF 29 sends the TID and NAF_ID_Ua to the BSF. The BSF shall verify the NAF_id_Zn-to-NAF_id_Ua mapping. If this verification succeeds, the BSF derives Ks_NAF using NAF_id_Ua.

In step 2b, the BSF sends Ks_NAF and the NAF-specific USS to the NAF. Again, the NAF may have no USS, so the USS AVP is optional. After receiving Ks_NAF, the NAF 29 can complete the authentication procedure. If the TID is not found or the NAF_id_Ua verification fails, the BSF 28 returns an error message to the NAF.

Before step 3b, the NAF has received the UID from the user equipment. In step 3b, the NAF sends the TID and the UID for verification. The BSF provides the result of this verification in step 4b. The procedure is the same as in messages 3a and 4a of Figure 2. In this case the NAF is allowed to verify the TID-to-UID mapping in a separate message; the UID is not verified in steps 1b and 2b. Where the NAF is authorized to verify multiple TID-to-UID mappings, it may send another request to the BSF in step 5b and obtain the verification result in step 6b. These steps correspond to steps 4a and 4b of Figure 2. Steps 5b and 6b may be repeated several times. If the TID is not found in the BSF database, if the mapping of NAF_id_Ua and NAF_id_Zn cannot be verified, or if the mapping of the TID and the UID cannot be verified, an error message is sent from the BSF to the NAF.

Embodiments of the present invention therefore allow the NAF to send to the BSF the NAF identifier that the user equipment uses over the Ua interface, so that the BSF is able to derive Ks_NAF.
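The BSF-side checks of Figures 2 and 3, as an added Python example that is not part of the patent: it verifies the NAF_id_Zn-to-NAF_id_Ua binding and the TID-to-UID mapping before deriving Ks_NAF, and refuses repeated UID checks from a NAF that is not authorized for them. The class and function names, the hostnames, the hostname normalization, the operator-provisioned binding table and the HMAC-SHA-256 derivation are all assumptions; the patent does not specify the key derivation function.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


class ZnError(Exception):
    """Error message returned from the BSF to the NAF over Zn."""


@dataclass
class Session:
    ks: bytes        # master key material Ks from the Ub bootstrapping run
    uids: frozenset  # user identifiers (UID) bound to this TID
    uid_checks: dict = field(default_factory=dict)  # NAF_id_Zn -> checks so far


def norm(host):
    # Assumption: hostnames compare case-insensitively, ignoring a trailing dot.
    return host.strip().rstrip(".").lower()


def derive_ks_naf(ks, naf_id_ua):
    # Stand-in derivation (HMAC-SHA-256). The page only states that Ks_NAF is
    # derived from Ks using the public NAF identifier.
    return hmac.new(ks, b"Ks_NAF|" + norm(naf_id_ua).encode(), hashlib.sha256).digest()


class Bsf:
    def __init__(self, bindings, sessions, multi_uid_nafs=()):
        # bindings: NAF_id_Zn -> public hostnames (NAF_id_Ua) it may use.
        # One internal address can carry many hostnames (virtual hosting).
        self.bindings = {zn: {norm(h) for h in hosts} for zn, hosts in bindings.items()}
        self.sessions = sessions
        self.multi_uid_nafs = set(multi_uid_nafs)

    def find_session(self, tid):
        if tid not in self.sessions:
            raise ZnError("TID not found")
        return self.sessions[tid]

    def check_uid(self, session, naf_id_zn, uid):
        # The first TID-to-UID check per NAF is always allowed; further ones
        # only for NAFs authorized to verify multiple mappings.
        done = session.uid_checks.get(naf_id_zn, 0)
        if done >= 1 and naf_id_zn not in self.multi_uid_nafs:
            raise ZnError("NAF not authorized for multiple TID-to-UID checks")
        session.uid_checks[naf_id_zn] = done + 1
        return uid in session.uids

    def key_request(self, naf_id_zn, tid, naf_id_ua, uid=None):
        """Steps 1a/2a (uid given) and 1b/2b (uid omitted).

        naf_id_zn is the sender address taken from the Zn message itself,
        never a value the NAF merely claims in the payload.
        """
        session = self.find_session(tid)
        if norm(naf_id_ua) not in self.bindings.get(naf_id_zn, set()):
            raise ZnError("NAF_id_Zn is not authorized to use NAF_id_Ua")
        if uid is not None and not self.check_uid(session, naf_id_zn, uid):
            raise ZnError("TID-to-UID mapping could not be verified")
        return derive_ks_naf(session.ks, naf_id_ua)

    def uid_request(self, naf_id_zn, tid, uid):
        """Steps 3a/4a, 3b/4b and 5b/6b: returns the verification result."""
        if naf_id_zn not in self.bindings:
            raise ZnError("unknown NAF")
        return self.check_uid(self.find_session(tid), naf_id_zn, uid)


def make_demo_bsf():
    # Constructed sample data: naf1 hosts two public names on one internal
    # address; naf2 hosts one and may verify multiple TID-to-UID mappings.
    bindings = {
        "naf1.internal.example": {"shop.example.com", "mail.example.com"},
        "naf2.internal.example": {"bank.example.com"},
    }
    sessions = {
        "tid-001": Session(ks=bytes(range(32)),
                           uids=frozenset({"alice@example.com"})),
    }
    return Bsf(bindings, sessions, multi_uid_nafs={"naf2.internal.example"})
```

Because the public hostname is an input to the derivation, two hostnames served from the same internal address receive different keys, and a NAF that names a hostname outside its binding receives an error instead of a key.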

Claims (16)

1.一种用于验证网络应用功能实体的第一标识和第二标识的方法,所述方法包括:1. A method for verifying a first identification and a second identification of a network application functional entity, the method comprising: 在检验实体接收该网络应用功能实体的第一网络应用功能标识信息;receiving the first network application function identification information of the network application function entity at the verification entity; 在该检验实体从该网络应用功能实体接收该网络应用功能实体的第二网络应用功能标识信息;receiving, by the verification entity, the second network application function identification information of the network application function entity from the network application function entity; 验证该第一网络应用功能标识与第二网络应用功能标识之间的映射,以验证所述第一网络应用功能标识与第二网络应用功能标识是否均属于所述网络应用功能实体;以及verifying the mapping between the first web application function identifier and the second web application function identifier, to verify whether both the first web application function identifier and the second web application function identifier belong to the web application function entity; and 响应于验证成功,使用包括公共标识的所述第一网络应用功能标识信息和第二网络应用功能标识信息之一生成密钥,其中所述检验实体包括自举功能实体。In response to successful authentication, a key is generated using one of the first web application function identification information and the second web application function identification information including a public identity, wherein the verification entity includes a bootstrapping function entity. 2.如权利要求1所述的方法,其中所述生成包括从所述第二网络应用功能标识生成所述密钥。2. The method of claim 1, wherein said generating comprises generating said key from said second web application function identification. 3.如权利要求1所述的方法,其中所述第一网络应用功能标识包括公共标识并且所述第二网络应用功能标识包括私有标识。3. The method of claim 1, wherein the first web application function identity comprises a public identity and the second web application function identity comprises a private identity. 4.如权利要求1所述的方法,其中所述第一网络应用功能标识包括私有标识并且所述第二网络应用功能标识包括公共标识。4. 
The method of claim 1, wherein the first network application function identifier comprises a private identifier and the second network application function identifier comprises a public identifier.

5. The method according to claim 1, wherein receiving the first network application function identification information comprises receiving the first network application function identifier from a user equipment.

6. The method as claimed in any one of claims 1 to 5, further comprising receiving a transaction identifier in the same message as the message in which the first network application function identifier is received.

7. The method as claimed in any one of claims 1 to 5, further comprising receiving a transaction identifier in a message different from the message in which the first network application function identifier is received.

8. The method as claimed in any one of claims 1 to 5, wherein the key comprises an authentication key.

9. The method as claimed in any one of claims 1 to 5, further comprising sending the key to the network application function entity.

10. The method as claimed in any one of claims 1 to 5, wherein, if the verification is unsuccessful, an error message is sent to the network application function entity.

11. The method as claimed in any one of claims 1 to 5, further comprising verifying a mapping of a transaction identifier to a user identifier.

12. The method of claim 11, wherein a plurality of transaction identifiers are mapped to the user identifier, and the verification is performed for each transaction-identifier-to-user-identifier mapping in turn.

13. The method according to claim 3, wherein the public identifier is an external interface address of the network application function entity.

14. The method according to claim 4, wherein the private identifier is an internal interface address of the network application function entity.

15. A system for verifying a first identifier and a second identifier of a network application function entity, comprising:
means for receiving, at a verification entity, a first network application function identifier of the network application function entity,
means for sending a second network application function identifier of the network application function entity from the network application function entity to the verification entity,
means for verifying the mapping between the first network application function identifier and the second network application function identifier, to verify whether the first network application function identifier and the second network application function identifier both belong to the network application function entity, and
means for generating, in response to successful verification, a key from the one of the first network application function identifier and the second network application function identifier that comprises a public identifier, wherein the verification entity comprises a bootstrapping function entity.

16. A device for verifying a first identifier and a second identifier of a network application function entity, comprising:
means for receiving, at a verification entity, first network application function identification information of the network application function entity,
means for receiving, at the verification entity, second network application function identification information of the network application function entity from the network application function entity,
means for verifying the mapping between the first network application function identifier and the second network application function identifier, to verify whether the first network application function identifier and the second network application function identifier both belong to the network application function entity, and
means for generating, in response to successful verification, a key using the one of the first network application function identification information and the second network application function identification information that comprises a public identifier, wherein the verification entity comprises a bootstrapping function entity.
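The verification flow the claims describe can be sketched as follows. This is an added example, not code from the patent: the mapping tables, host names, the claimed user identifier passed with the request, and the HMAC-SHA-256 derivation are all assumptions, since the claims do not fix a key derivation function or a message format.

```python
import hashlib
import hmac

# Constructed sample state held by the verification entity (BSF); all names
# and values below are assumptions made for this example.
NAF_PRIVATE_TO_PUBLIC = {            # internal interface -> external interface
    "naf1.core.operator.example": "naf1.operator.example",
    "naf2.core.operator.example": "naf2.operator.example",
}
TID_TO_USER = {"tid-0001": "user1@operator.example"}
TID_TO_SECRET = {"tid-0001": bytes.fromhex("00112233445566778899aabbccddeeff")}


class VerificationError(Exception):
    """Signals that an error message should be returned to the NAF."""


def _norm(identifier: str) -> str:
    # Compare host-style identifiers case-insensitively, ignoring a trailing dot.
    return identifier.strip().rstrip(".").lower()


def derive_key(shared_secret: bytes, public_naf_id: str, user_id: str) -> bytes:
    # Stand-in derivation (HMAC-SHA-256); the claims do not fix a function.
    data = _norm(public_naf_id).encode() + b"\x00" + user_id.encode()
    return hmac.new(shared_secret, data, hashlib.sha256).digest()


def bsf_generate_naf_key(tid: str, user_id: str,
                         public_id_from_ue: str, private_id_from_naf: str) -> bytes:
    # Verify the transaction identifier -> user identifier mapping.
    if TID_TO_USER.get(tid) != user_id:
        raise VerificationError("transaction identifier does not map to user")
    # Verify that both identifiers belong to the same NAF.
    expected_public = NAF_PRIVATE_TO_PUBLIC.get(_norm(private_id_from_naf))
    if expected_public is None or expected_public != _norm(public_id_from_ue):
        raise VerificationError("NAF identifiers do not map to each other")
    # Only after successful verification: derive the key from the public identifier.
    return derive_key(TID_TO_SECRET[tid], expected_public, user_id)


def try_request(tid: str, user_id: str, public_id: str, private_id: str):
    """Return ('ok', key) or ('error', reason), as the BSF would answer the NAF."""
    try:
        return "ok", bsf_generate_naf_key(tid, user_id, public_id, private_id)
    except VerificationError as exc:
        return "error", str(exc)
```

Because the key is bound to the public identifier, a user equipment that only knows the NAF's external address derives the same key as the BSF, while a NAF that presents an internal identifier not mapped to that address receives an error instead of a key.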
CN200580011278.8A 2004-04-30 2005-04-28 Method for verifying a first identity and a second identity of an entity Expired - Lifetime CN1943203B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510428996.0A CN104954391B (en) 2004-04-30 2005-04-28 Device and method for verifying a first identifier and a second identifier of an entity

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
GB0409704.4 2004-04-30
GBGB0409704.4A GB0409704D0 (en) 2004-04-30 2004-04-30 A method for verifying a first identity and a second identity of an entity
PCT/IB2005/001704 WO2005107214A1 (en) 2004-04-30 2005-04-28 A method for verifying a first identity and a second identity of an entity

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN201510428996.0A Division CN104954391B (en) 2004-04-30 2005-04-28 Device and method for verifying a first identifier and a second identifier of an entity

Publications (2)

Publication Number Publication Date
CN1943203A CN1943203A (en) 2007-04-04
CN1943203B true CN1943203B (en) 2015-09-09

Family

ID=32408338

Family Applications (2)

Application Number Title Priority Date Filing Date
CN200580011278.8A Expired - Lifetime CN1943203B (en) 2004-04-30 2005-04-28 Method for verifying a first identity and a second identity of an entity
CN201510428996.0A Expired - Lifetime CN104954391B (en) 2004-04-30 2005-04-28 Device and method for verifying a first identifier and a second identifier of an entity

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN201510428996.0A Expired - Lifetime CN104954391B (en) 2004-04-30 2005-04-28 Device and method for verifying a first identifier and a second identifier of an entity

Country Status (8)

Country Link
US (1) US8107623B2 (en)
EP (1) EP1741268B1 (en)
JP (2) JP4673364B2 (en)
KR (2) KR20070009634A (en)
CN (2) CN1943203B (en)
AU (1) AU2005239509C1 (en)
GB (1) GB0409704D0 (en)
WO (1) WO2005107214A1 (en)

Families Citing this family (61)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9130810B2 (en) 2000-09-13 2015-09-08 Qualcomm Incorporated OFDM communications methods and apparatus
US7295509B2 (en) 2000-09-13 2007-11-13 Qualcomm, Incorporated Signaling method in an OFDM multiple access system
CN1299537C (en) * 2004-06-28 2007-02-07 华为技术有限公司 Method for realizing management of connecting visit network using general weight discrimination frame
US9148256B2 (en) 2004-07-21 2015-09-29 Qualcomm Incorporated Performance based rank prediction for MIMO design
US9137822B2 (en) 2004-07-21 2015-09-15 Qualcomm Incorporated Efficient signaling over access channel
TWI394466B (en) * 2005-02-04 2013-04-21 高通公司 Secure boot of wireless communication
US9246560B2 (en) 2005-03-10 2016-01-26 Qualcomm Incorporated Systems and methods for beamforming and rate control in a multi-input multi-output communication systems
US9154211B2 (en) 2005-03-11 2015-10-06 Qualcomm Incorporated Systems and methods for beamforming feedback in multi antenna communication systems
US8446892B2 (en) 2005-03-16 2013-05-21 Qualcomm Incorporated Channel structures for a quasi-orthogonal multiple-access communication system
US9520972B2 (en) 2005-03-17 2016-12-13 Qualcomm Incorporated Pilot signal transmission for an orthogonal frequency division wireless communication system
US9461859B2 (en) 2005-03-17 2016-10-04 Qualcomm Incorporated Pilot signal transmission for an orthogonal frequency division wireless communication system
US9143305B2 (en) 2005-03-17 2015-09-22 Qualcomm Incorporated Pilot signal transmission for an orthogonal frequency division wireless communication system
US9184870B2 (en) 2005-04-01 2015-11-10 Qualcomm Incorporated Systems and methods for control channel signaling
US8046824B2 (en) * 2005-04-11 2011-10-25 Nokia Corporation Generic key-decision mechanism for GAA
US9408220B2 (en) 2005-04-19 2016-08-02 Qualcomm Incorporated Channel quality reporting for adaptive sectorization
US9036538B2 (en) 2005-04-19 2015-05-19 Qualcomm Incorporated Frequency hopping design for single carrier FDMA systems
US8565194B2 (en) 2005-10-27 2013-10-22 Qualcomm Incorporated Puncturing signaling channel for a wireless communication system
US8611284B2 (en) 2005-05-31 2013-12-17 Qualcomm Incorporated Use of supplemental assignments to decrement resources
US8879511B2 (en) 2005-10-27 2014-11-04 Qualcomm Incorporated Assignment acknowledgement for a wireless communication system
US8462859B2 (en) 2005-06-01 2013-06-11 Qualcomm Incorporated Sphere decoding apparatus
US8599945B2 (en) 2005-06-16 2013-12-03 Qualcomm Incorporated Robust rank prediction for a MIMO system
US9179319B2 (en) 2005-06-16 2015-11-03 Qualcomm Incorporated Adaptive sectorization in cellular systems
EP1900169B1 (en) * 2005-07-07 2010-02-03 Telefonaktiebolaget LM Ericsson (publ) Method and arrangement for authentication and privacy
US8885628B2 (en) 2005-08-08 2014-11-11 Qualcomm Incorporated Code division multiplexing in a single-carrier frequency division multiple access system
US9209956B2 (en) 2005-08-22 2015-12-08 Qualcomm Incorporated Segment sensitive scheduling
US20070041457A1 (en) 2005-08-22 2007-02-22 Tamer Kadous Method and apparatus for providing antenna diversity in a wireless communication system
US8644292B2 (en) 2005-08-24 2014-02-04 Qualcomm Incorporated Varied transmission time intervals for wireless communication system
GB0517592D0 (en) * 2005-08-25 2005-10-05 Vodafone Plc Data transmission
US9136974B2 (en) 2005-08-30 2015-09-15 Qualcomm Incorporated Precoding and SDMA support
US9210651B2 (en) 2005-10-27 2015-12-08 Qualcomm Incorporated Method and apparatus for bootstraping information in a communication system
US9172453B2 (en) 2005-10-27 2015-10-27 Qualcomm Incorporated Method and apparatus for pre-coding frequency division duplexing system
US9144060B2 (en) 2005-10-27 2015-09-22 Qualcomm Incorporated Resource allocation for shared signaling channels
US9088384B2 (en) 2005-10-27 2015-07-21 Qualcomm Incorporated Pilot symbol transmission in wireless communication systems
US8045512B2 (en) 2005-10-27 2011-10-25 Qualcomm Incorporated Scalable frequency band operation in wireless communication systems
US8477684B2 (en) 2005-10-27 2013-07-02 Qualcomm Incorporated Acknowledgement of control messages in a wireless communication system
US9225488B2 (en) 2005-10-27 2015-12-29 Qualcomm Incorporated Shared signaling channel
US8693405B2 (en) 2005-10-27 2014-04-08 Qualcomm Incorporated SDMA resource management
US8582509B2 (en) 2005-10-27 2013-11-12 Qualcomm Incorporated Scalable frequency band operation in wireless communication systems
US9225416B2 (en) 2005-10-27 2015-12-29 Qualcomm Incorporated Varied signaling channels for a reverse link in a wireless communication system
US8582548B2 (en) 2005-11-18 2013-11-12 Qualcomm Incorporated Frequency division multiple access schemes for wireless communication
US8234494B1 (en) 2005-12-21 2012-07-31 At&T Intellectual Property Ii, L.P. Speaker-verification digital signatures
US8522025B2 (en) * 2006-03-28 2013-08-27 Nokia Corporation Authenticating an application
CN101102186B (en) * 2006-07-04 2012-01-04 华为技术有限公司 Method for implementing general authentication framework service push
PL2039199T3 (en) * 2006-07-06 2019-06-28 Nokia Technologies Oy User equipment credential system
DE102006054091B4 (en) * 2006-11-16 2008-09-11 Siemens Ag Bootstrapping procedure
EP2095596B1 (en) * 2006-12-19 2010-03-10 Telefonaktiebolaget LM Ericsson (PUBL) Managing user access in a communications network
WO2008082337A1 (en) * 2006-12-28 2008-07-10 Telefonaktiebolaget Lm Ericsson (Publ) Method and arrangement for integration of different authentication infrastructures
US7885640B2 (en) * 2007-01-11 2011-02-08 Nokia Corporation Authentication in communication networks
KR101042242B1 (en) * 2007-09-07 2011-06-17 한국과학기술원 Variants Having 1,4-Butanediol Formation Capacity and Method of Preparing 1,4-Butanediol Using the Same
US8683034B2 (en) * 2007-10-02 2014-03-25 At&T Intellectual Property I, L.P. Systems, methods and computer program products for coordinated session termination in an IMS network
EP2045991A1 (en) * 2007-10-04 2009-04-08 Nokia Siemens Networks Oy Method and device for processing data and communication system comprising such device
US8566910B2 (en) 2010-05-18 2013-10-22 Nokia Corporation Method and apparatus to bind a key to a namespace
US8661257B2 (en) 2010-05-18 2014-02-25 Nokia Corporation Generic bootstrapping architecture usage with Web applications and Web pages
EP2695410B1 (en) * 2011-04-01 2017-04-19 Telefonaktiebolaget LM Ericsson (publ) Methods and apparatuses for avoiding damage in network attacks
KR101230447B1 (en) * 2012-11-19 2013-02-06 프라임텍 주식회사 Jig for testing camera module
US10749731B2 (en) * 2015-07-06 2020-08-18 Telefonaktiebolaget Lm Ericsson (Publ) Facilitating secure communication between a client device and an application server
GB2540354A (en) * 2015-07-13 2017-01-18 Vodafone Ip Licensing Ltd Generci bootstrapping architecture protocol
US10194033B2 (en) * 2015-11-24 2019-01-29 Telefonaktiebolaget Lm Ericsson (Publ) Charging record authentication for anonymized network service utilization
GB2558205B (en) * 2016-12-15 2019-07-03 Arm Ip Ltd Enabling communications between devices
US10607021B2 (en) 2018-01-26 2020-03-31 Bank Of America Corporation Monitoring usage of an application to identify characteristics and trigger security control
CN113518349B (en) * 2020-10-23 2024-12-31 中国移动通信有限公司研究院 Business management method, device, system and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003005669A1 (en) * 2001-07-03 2003-01-16 Telefonaktiebolaget Lm Ericsson (Publ) Method and system for handling multiple registration
US20030229787A1 (en) * 2002-03-22 2003-12-11 Bajko Gabor System and method using temporary identity for authentication with session initiation protocol
US20040153667A1 (en) * 2002-05-22 2004-08-05 Georg Kastelewicz Method for registering a communication terminal

Family Cites Families (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH0373633A (en) 1989-08-14 1991-03-28 Nippon Telegr & Teleph Corp <Ntt> Cryptographic communication system
US5675649A (en) * 1995-11-30 1997-10-07 Electronic Data Systems Corporation Process for cryptographic key generation and safekeeping
GB2328532B (en) * 1998-01-30 2000-10-18 Ibm A peripheral controller for a transaction processing system
US6516414B1 (en) * 1999-02-26 2003-02-04 Intel Corporation Secure communication over a link
EP1045585A1 (en) * 1999-04-13 2000-10-18 CANAL+ Société Anonyme Method of and apparatus for providing secure communication of digital data between devices
EP1104213A3 (en) * 1999-11-29 2003-05-21 Philips Intellectual Property & Standards GmbH Wireless network with key change procedure
US6785713B1 (en) * 2000-05-08 2004-08-31 Citrix Systems, Inc. Method and apparatus for communicating among a network of servers utilizing a transport mechanism
US7107248B1 (en) * 2000-09-11 2006-09-12 Nokia Corporation System and method of bootstrapping a temporary public-key infrastructure from a cellular telecommunication authentication and billing infrastructure
WO2002033887A2 (en) * 2000-10-18 2002-04-25 Koninklijke Philips Electronics N.V. Multiple authentication sessions for content protection
JP4969745B2 (en) * 2001-09-17 2012-07-04 株式会社東芝 Public key infrastructure system
US20030105876A1 (en) * 2001-11-30 2003-06-05 Angelo Michael F. Automatic generation of verifiable customer certificates
US7197301B2 (en) * 2002-03-04 2007-03-27 Telespree Communications Method and apparatus for secure immediate wireless access in a telecommunications network
US7937471B2 (en) * 2002-06-03 2011-05-03 Inpro Network Facility, Llc Creating a public identity for an entity on a network
US7171555B1 (en) * 2003-05-29 2007-01-30 Cisco Technology, Inc. Method and apparatus for communicating credential information within a network device authentication conversation
US7769994B2 (en) * 2003-08-13 2010-08-03 Radware Ltd. Content inspection in secure networks
GB0326265D0 (en) * 2003-11-11 2003-12-17 Nokia Corp Shared secret usage for bootstrapping
CN1300976C (en) 2004-01-16 2007-02-14 华为技术有限公司 Method for obtaining user identification information for network application entity
US20070005623A1 (en) * 2005-06-30 2007-01-04 Microsoft Corporation Process oriented message driven workflow programming model

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
3GPP. 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Generic Authentication Architecture (GAA); Generic bootstrapping architecture (Release 6). 3GPP TS 33.220 V6.0.0. 2004, 3(33220600), Sections 4.5.1 to 4.5.4. *

Also Published As

Publication number Publication date
EP1741268A1 (en) 2007-01-10
CN1943203A (en) 2007-04-04
KR100985869B1 (en) 2010-10-08
AU2005239509B2 (en) 2009-02-26
AU2005239509C1 (en) 2009-07-23
CN104954391B (en) 2019-01-08
US8107623B2 (en) 2012-01-31
JP2007528650A (en) 2007-10-11
KR20080086932A (en) 2008-09-26
WO2005107214A1 (en) 2005-11-10
KR20070009634A (en) 2007-01-18
US20050246548A1 (en) 2005-11-03
EP1741268B1 (en) 2018-07-04
GB0409704D0 (en) 2004-06-02
JP4673364B2 (en) 2011-04-20
AU2005239509A1 (en) 2005-11-10
CN104954391A (en) 2015-09-30
JP2011091850A (en) 2011-05-06

Similar Documents

Publication Publication Date Title
CN1943203B (en) Method for verifying a first identity and a second identity of an entity
JP2007528650A5 (en)
CN102027764B (en) Method, system, and apparatus for access of network services using subscriber identities
RU2414086C2 (en) Application authentication
CN102550001B (en) User identity management for permitting interworking of a bootstrapping architecture and a shared identity service
AU2006211991B2 (en) Method and apparatus for optimal transfer of data in a wireless communications system
CN112291064B (en) Authentication system, registration and authentication method, device, storage medium and electronic equipment
CN101138217A (en) Method and apparatus for authenticating a user by comparing non-network-originated identities
CN114390524B (en) One-key login service implementation method and device
US20130019097A1 (en) Method and Apparatus for Securing Communication Between a Mobile Node and a Network
US20110173687A1 (en) Methods and Arrangements for an Internet Multimedia Subsystem (IMS)
CN102934415A (en) Transmitting authentication information
CN106714154A (en) Generic bootstrapping architecture protocol
CN1922912B (en) Method for the control and evaluation of a message traffic of a communication unit by means of a first network unit within a mobile radio system, pertaining communication unit and first network unit
CN102695171B (en) Subscriber identity obtaining method, system and equipment thereof
US7940902B2 (en) Method and apparatus for implementing card call service
CN119210736B (en) Application credibility checking method and system based on APN6 network
CN101621505B (en) Access authentication method, system and terminal
CN1777102B (en) Device and method for software terminal to access IP multimedia subsystem
CN113132323B (en) Communication method and device
CN118264422A (en) A multi-factor identity authentication method, device and system for mail system
CN115150075A (en) Method, apparatus, device and medium for data communication based on shared secret key
CN101026453A (en) General authorityidentifying system and method for accessing its network business application
RU2291593C2 (en) Method for identification of end communication device
WO2022247938A1 (en) Terminal device registration method, related device, system, and storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20160112

Address after: Espoo, Finland

Patentee after: NOKIA TECHNOLOGIES OY

Address before: Espoo, Finland

Patentee before: NOKIA Corp.

CX01 Expiry of patent term

Granted publication date: 20150909